npm - clawmini - Versions diffs - 0.0.7 → 0.0.9 - Mend

clawmini 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (367) hide show

package/.changeset/README.md +8 -0
package/.changeset/config.json +14 -0
package/.github/workflows/release.yml +49 -0
package/CHANGELOG.md +36 -0
package/README.md +5 -4
package/dist/adapter-discord/index.d.mts.map +1 -1
package/dist/adapter-discord/index.mjs +465 -282
package/dist/adapter-discord/index.mjs.map +1 -1
package/dist/adapter-google-chat/index.mjs +367 -243
package/dist/adapter-google-chat/index.mjs.map +1 -1
package/dist/cli/index.mjs +684 -24
package/dist/cli/index.mjs.map +1 -1
package/dist/cli/lite.mjs +43 -13
package/dist/cli/lite.mjs.map +1 -1
package/dist/cli/{propose-policy.mjs → manage-policies.mjs} +270 -47
package/dist/cli/manage-policies.mjs.map +1 -0
package/dist/cli/run-host.d.mts +1 -0
package/dist/cli/run-host.mjs +3090 -0
package/dist/cli/run-host.mjs.map +1 -0
package/dist/config-CPFQIGdG.mjs +57 -0
package/dist/config-CPFQIGdG.mjs.map +1 -0
package/dist/config-Dvl-Pov4.mjs +76 -0
package/dist/config-Dvl-Pov4.mjs.map +1 -0
package/dist/daemon/index.d.mts.map +1 -1
package/dist/daemon/index.mjs +970 -332
package/dist/daemon/index.mjs.map +1 -1
package/dist/supervisor-actions-CiW56eLi.mjs +843 -0
package/dist/supervisor-actions-CiW56eLi.mjs.map +1 -0
package/dist/turn-log-buffer-DRgW53gl.mjs +767 -0
package/dist/turn-log-buffer-DRgW53gl.mjs.map +1 -0
package/dist/web/_app/immutable/chunks/{Drm9vgeP.js → 3AZlWB6U.js} +1 -1
package/dist/web/_app/immutable/chunks/BhRSsUCh.js +2 -0
package/dist/web/_app/immutable/chunks/BiLeM2i1.js +1 -0
package/{web/.svelte-kit/output/client/_app/immutable/chunks/CME08kGM.js → dist/web/_app/immutable/chunks/BmBj85Ll.js} +1 -1
package/dist/web/_app/immutable/chunks/BrERcKAH.js +1 -0
package/dist/web/_app/immutable/chunks/Bv9252RM.js +1 -0
package/dist/web/_app/immutable/chunks/CIXNBPKi.js +1 -0
package/dist/web/_app/immutable/chunks/DISKL3GN.js +2 -0
package/dist/web/_app/immutable/chunks/{Zeh-C-mx.js → DcpaLzmX.js} +1 -1
package/dist/web/_app/immutable/chunks/DnQ3vS13.js +1 -0
package/dist/web/_app/immutable/chunks/KsloHTKS.js +1 -0
package/{web/.svelte-kit/output/client/_app/immutable/chunks/Ck-be5J2.js → dist/web/_app/immutable/chunks/RsHsUj-8.js} +2 -2
package/dist/web/_app/immutable/chunks/{G_zz-Gou.js → wpfV79dV.js} +1 -1
package/dist/web/_app/immutable/entry/app.CIw1Qj0n.js +2 -0
package/dist/web/_app/immutable/entry/start.Di0-Jhte.js +1 -0
package/dist/web/_app/immutable/nodes/{0.CYS8iApT.js → 0.DYyUA1au.js} +1 -1
package/dist/web/_app/immutable/nodes/1.D-3QEMMZ.js +1 -0
package/dist/web/_app/immutable/nodes/{2.BnwnD1Ki.js → 2.4olHnH7U.js} +1 -1
package/{web/.svelte-kit/output/client/_app/immutable/nodes/3.Dr0ot9sV.js → dist/web/_app/immutable/nodes/3.4w0bE-m2.js} +3 -3
package/dist/web/_app/immutable/nodes/4.CZvjhVHt.js +60 -0
package/dist/web/_app/immutable/nodes/{5.BBGQ_i84.js → 5.DLbPVJY2.js} +1 -1
package/dist/web/_app/version.json +1 -1
package/dist/web/index.html +12 -12
package/dist/workspace-oWmVh5mi.mjs +1001 -0
package/dist/workspace-oWmVh5mi.mjs.map +1 -0
package/docs/23_adapter_slash_autocomplete/development_log.md +19 -0
package/docs/23_adapter_slash_autocomplete/notes.md +18 -0
package/docs/23_adapter_slash_autocomplete/prd.md +46 -0
package/docs/23_adapter_slash_autocomplete/questions.md +6 -0
package/docs/23_adapter_slash_autocomplete/tickets.md +21 -0
package/docs/24_subagent_job_policy_fixes/development_log.md +22 -0
package/docs/24_subagent_job_policy_fixes/notes.md +28 -0
package/docs/24_subagent_job_policy_fixes/prd.md +59 -0
package/docs/24_subagent_job_policy_fixes/questions.md +3 -0
package/docs/24_subagent_job_policy_fixes/tickets.md +49 -0
package/docs/25_e2e_test_improvements/development_log.md +30 -0
package/docs/25_e2e_test_improvements/notes.md +29 -0
package/docs/25_e2e_test_improvements/prd.md +43 -0
package/docs/25_e2e_test_improvements/questions.md +12 -0
package/docs/25_e2e_test_improvements/tickets-2.md +22 -0
package/docs/25_e2e_test_improvements/tickets.md +22 -0
package/docs/25_policy_cwd/development_log.md +30 -0
package/docs/25_policy_cwd/notes.md +28 -0
package/docs/25_policy_cwd/prd.md +77 -0
package/docs/25_policy_cwd/questions.md +6 -0
package/docs/25_policy_cwd/tickets.md +77 -0
package/docs/CLI_REFERENCE.md +3 -1
package/docs/PHILOSOPHY.md +35 -0
package/docs/adapter-visibility/SPEC.md +461 -0
package/docs/adapter-visibility/SPEC_v2.md +202 -0
package/docs/auto-update/SPEC.md +344 -0
package/docs/backups/SPEC.md +296 -0
package/docs/backups/clawmini.gitignore +69 -0
package/docs/guides/assets/clawmini-avatar.png +0 -0
package/docs/guides/backups.md +332 -0
package/docs/guides/discord_adapter_setup.md +1 -1
package/docs/guides/google_chat_adapter_setup.md +81 -0
package/docs/unified-startup/SPEC.md +203 -0
package/e2e/_helpers/test-environment.test.ts +49 -0
package/e2e/_helpers/test-environment.ts +548 -0
package/e2e/adapters/_google-chat-fixtures.ts +340 -0
package/{src/cli/e2e → e2e/adapters}/adapter-discord.test.ts +22 -23
package/e2e/adapters/adapter-google-chat-downtime.test.ts +157 -0
package/e2e/adapters/adapter-google-chat-inbound.test.ts +697 -0
package/e2e/adapters/adapter-google-chat-outbound.test.ts +297 -0
package/e2e/adapters/adapter-google-chat-roundtrip.test.ts +56 -0
package/e2e/adapters/adapter-google-chat-threads.test.ts +1078 -0
package/e2e/agents/custom-api-env.test.ts +80 -0
package/e2e/agents/export-lite-func.test.ts +104 -0
package/e2e/agents/fallbacks.test.ts +124 -0
package/e2e/agents/interrupt.test.ts +50 -0
package/e2e/agents/no-reply-necessary.test.ts +57 -0
package/e2e/agents/session-timeout-subagents.test.ts +76 -0
package/e2e/agents/subagent-authorization.test.ts +246 -0
package/e2e/agents/subagent-env.test.ts +49 -0
package/e2e/agents/subagent-lifecycle.test.ts +782 -0
package/e2e/agents/subagents-depth.test.ts +47 -0
package/e2e/cli/agents.test.ts +176 -0
package/e2e/cli/auto-update.test.ts +741 -0
package/e2e/cli/basic.test.ts +44 -0
package/{src/cli/e2e → e2e/cli}/export-lite.test.ts +16 -12
package/e2e/cli/init-gitignore.test.ts +86 -0
package/e2e/cli/init.test.ts +76 -0
package/e2e/cli/messages.test.ts +363 -0
package/e2e/cli/serve.test.ts +76 -0
package/{src/cli/e2e → e2e/cli}/skills.test.ts +11 -10
package/{src/cli/e2e → e2e/daemon}/daemon.test.ts +57 -195
package/e2e/jobs/agent-jobs.test.ts +216 -0
package/e2e/jobs/cron.test.ts +64 -0
package/e2e/jobs/restart.test.ts +108 -0
package/e2e/policies/approval-session.test.ts +69 -0
package/e2e/policies/auto-create-policies-file.test.ts +35 -0
package/e2e/policies/builtin-manage-policies.test.ts +184 -0
package/e2e/policies/builtin-run-host.test.ts +180 -0
package/e2e/policies/environment-policies.test.ts +177 -0
package/e2e/policies/manage-policies.test.ts +566 -0
package/e2e/policies/output-size.test.ts +98 -0
package/e2e/policies/policies-context-cwd.test.ts +160 -0
package/e2e/policies/relative-script-path.test.ts +60 -0
package/e2e/policies/requests-show.test.ts +135 -0
package/e2e/policies/requests.test.ts +208 -0
package/e2e/policies/slash-policies.test.ts +308 -0
package/e2e/policies/startup-cleanup.test.ts +48 -0
package/e2e/routers/session-timeout.test.ts +106 -0
package/e2e/routers/slash-model.test.ts +152 -0
package/e2e/routers/slash-new.test.ts +50 -0
package/e2e/routers/slash-restart-adapter.test.ts +96 -0
package/e2e/routers/slash-restart.test.ts +114 -0
package/e2e/routers/slash-shutdown.test.ts +55 -0
package/e2e/routers/slash-stop.test.ts +232 -0
package/e2e/routers/slash-upgrade.test.ts +88 -0
package/{src/cli/e2e → e2e/sandbox}/environments.test.ts +14 -13
package/eslint.config.js +6 -0
package/napkin.md +1 -1
package/package.json +8 -3
package/src/adapter-discord/commands.test.ts +42 -0
package/src/adapter-discord/commands.ts +33 -0
package/src/adapter-discord/config.ts +12 -0
package/src/adapter-discord/forwarder.test.ts +499 -21
package/src/adapter-discord/forwarder.ts +343 -124
package/src/adapter-discord/inbound-cache.test.ts +47 -0
package/src/adapter-discord/inbound-cache.ts +37 -0
package/src/adapter-discord/index.test.ts +67 -2
package/src/adapter-discord/index.ts +84 -216
package/src/adapter-discord/interactions.test.ts +54 -3
package/src/adapter-discord/interactions.ts +97 -53
package/src/adapter-discord/processMessage.ts +239 -0
package/src/adapter-discord/state.ts +1 -0
package/src/adapter-google-chat/auth.test.ts +9 -5
package/src/adapter-google-chat/auth.ts +29 -23
package/src/adapter-google-chat/cards.ts +7 -2
package/src/adapter-google-chat/client.test.ts +37 -2
package/src/adapter-google-chat/client.ts +138 -38
package/src/adapter-google-chat/config.ts +19 -0
package/src/adapter-google-chat/forwarder.test.ts +81 -56
package/src/adapter-google-chat/forwarder.ts +394 -185
package/src/adapter-google-chat/inbound-cache.test.ts +61 -0
package/src/adapter-google-chat/inbound-cache.ts +36 -0
package/src/adapter-google-chat/state.test.ts +1 -0
package/src/adapter-google-chat/state.ts +9 -1
package/src/adapter-google-chat/subscriptions.ts +8 -6
package/src/cli/builtin-policies.ts +44 -0
package/src/cli/commands/agents.ts +59 -5
package/src/cli/commands/down.ts +54 -2
package/src/cli/commands/environments.ts +8 -2
package/src/cli/commands/init.ts +31 -0
package/src/cli/commands/logs.ts +116 -0
package/src/cli/commands/policies.ts +6 -4
package/src/cli/commands/serve.test.ts +67 -0
package/src/cli/commands/serve.ts +284 -0
package/src/cli/commands/up.ts +122 -2
package/src/cli/commands/web-api/agents.ts +3 -2
package/src/cli/index.ts +4 -0
package/src/cli/install-detection.test.ts +72 -0
package/src/cli/install-detection.ts +48 -0
package/src/cli/lite.ts +54 -22
package/src/cli/manage-policies-utils.ts +104 -0
package/src/cli/manage-policies.ts +291 -0
package/src/cli/run-host.ts +45 -0
package/src/cli/supervisor-actions.ts +267 -0
package/src/cli/supervisor-control.test.ts +129 -0
package/src/cli/supervisor-control.ts +155 -0
package/src/cli/supervisor-pid.ts +68 -0
package/src/cli/supervisor.ts +277 -0
package/src/daemon/agent/agent-context.ts +11 -11
package/src/daemon/agent/agent-session.ts +8 -1
package/src/daemon/agent/chat-logger.test.ts +78 -9
package/src/daemon/agent/chat-logger.ts +25 -5
package/src/daemon/agent/turn-registry.test.ts +89 -0
package/src/daemon/agent/turn-registry.ts +94 -0
package/src/daemon/agent/types.ts +2 -0
package/src/daemon/api/agent-policy-endpoints.ts +263 -0
package/src/daemon/api/agent-router.ts +47 -126
package/src/daemon/api/index.test.ts +1 -0
package/src/daemon/api/policy-request.test.ts +7 -5
package/src/daemon/api/router-utils.ts +6 -5
package/src/daemon/api/subagent-router.ts +110 -74
package/src/daemon/api/subagent-utils.test.ts +60 -0
package/src/daemon/api/subagent-utils.ts +113 -87
package/src/daemon/api/user-router.ts +34 -8
package/src/daemon/auth.ts +1 -0
package/src/daemon/cron.test.ts +62 -4
package/src/daemon/cron.ts +42 -16
package/src/daemon/events.ts +65 -0
package/src/daemon/index.ts +24 -1
package/src/daemon/message-interruption.test.ts +1 -0
package/src/daemon/message-jobs.test.ts +1 -0
package/src/daemon/message.ts +78 -14
package/src/daemon/observation.test.ts +26 -18
package/src/daemon/pending-replies.test.ts +112 -0
package/src/daemon/pending-replies.ts +162 -0
package/src/daemon/policy-request-service.ts +3 -1
package/src/daemon/policy-utils.test.ts +66 -1
package/src/daemon/policy-utils.ts +126 -1
package/src/daemon/request-store.ts +31 -0
package/src/daemon/routers/session-timeout.ts +4 -0
package/src/daemon/routers/slash-model.test.ts +344 -0
package/src/daemon/routers/slash-model.ts +207 -0
package/src/daemon/routers/slash-policies.test.ts +38 -32
package/src/daemon/routers/slash-policies.ts +84 -33
package/src/daemon/routers/slash-restart.test.ts +69 -0
package/src/daemon/routers/slash-restart.ts +36 -0
package/src/daemon/routers/slash-shutdown.test.ts +50 -0
package/src/daemon/routers/slash-shutdown.ts +28 -0
package/src/daemon/routers/slash-upgrade.test.ts +116 -0
package/src/daemon/routers/slash-upgrade.ts +76 -0
package/src/daemon/routers/types.ts +7 -0
package/src/daemon/routers.ts +16 -0
package/src/shared/adapters/blockquote.test.ts +28 -0
package/src/shared/adapters/blockquote.ts +20 -0
package/src/shared/adapters/filtering.test.ts +224 -10
package/src/shared/adapters/filtering.ts +95 -7
package/src/shared/adapters/inbound-cache.test.ts +48 -0
package/src/shared/adapters/inbound-cache.ts +54 -0
package/src/shared/adapters/turn-log-buffer.ts +266 -0
package/src/shared/adapters/turn-log.test.ts +389 -0
package/src/shared/adapters/turn-log.ts +357 -0
package/src/shared/agent-utils.ts +12 -5
package/src/shared/chats.test.ts +4 -0
package/src/shared/chats.ts +9 -0
package/src/shared/config.ts +16 -1
package/src/shared/lite.ts +76 -2
package/src/shared/policies.ts +26 -0
package/src/shared/template-manifest.ts +267 -0
package/src/shared/utils/shell.ts +61 -0
package/src/shared/version.ts +34 -0
package/src/shared/workspace.test.ts +217 -0
package/src/shared/workspace.ts +626 -48
package/templates/environments/cladding/allowlist-domain.mjs +125 -0
package/templates/environments/cladding/env.json +21 -1
package/templates/environments/cladding/run-with-network.mjs +54 -0
package/templates/environments/macos-proxy/allowlist-domain.mjs +95 -0
package/templates/environments/macos-proxy/env.json +8 -1
package/templates/environments/macos-proxy/proxy.mjs +42 -13
package/templates/gemini/template.json +5 -0
package/templates/gemini-claw/template.json +13 -0
package/templates/skills/clawmini-requests/SKILL.md +69 -10
package/templates/skills/run-host/SKILL.md +51 -0
package/templates/skills/skill-creator/SKILL.md +4 -3
package/templates/skills/skill-creator/scripts/validate.sh +52 -0
package/tsdown.config.ts +10 -1
package/vitest.config.ts +2 -2
package/web/.svelte-kit/ambient.d.ts +292 -176
package/web/.svelte-kit/generated/server/internal.js +1 -1
package/web/.svelte-kit/output/client/.vite/manifest.json +127 -137
package/web/.svelte-kit/output/client/_app/immutable/chunks/{Drm9vgeP.js → 3AZlWB6U.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/BhRSsUCh.js +2 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/BiLeM2i1.js +1 -0
package/{dist/web/_app/immutable/chunks/CME08kGM.js → web/.svelte-kit/output/client/_app/immutable/chunks/BmBj85Ll.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/BrERcKAH.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/Bv9252RM.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/CIXNBPKi.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/DISKL3GN.js +2 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/{Zeh-C-mx.js → DcpaLzmX.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DnQ3vS13.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/chunks/KsloHTKS.js +1 -0
package/{dist/web/_app/immutable/chunks/Ck-be5J2.js → web/.svelte-kit/output/client/_app/immutable/chunks/RsHsUj-8.js} +2 -2
package/web/.svelte-kit/output/client/_app/immutable/chunks/{G_zz-Gou.js → wpfV79dV.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/entry/app.CIw1Qj0n.js +2 -0
package/web/.svelte-kit/output/client/_app/immutable/entry/start.Di0-Jhte.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/nodes/{0.CYS8iApT.js → 0.DYyUA1au.js} +1 -1
package/web/.svelte-kit/output/client/_app/immutable/nodes/1.D-3QEMMZ.js +1 -0
package/web/.svelte-kit/output/client/_app/immutable/nodes/{2.BnwnD1Ki.js → 2.4olHnH7U.js} +1 -1
package/{dist/web/_app/immutable/nodes/3.Dr0ot9sV.js → web/.svelte-kit/output/client/_app/immutable/nodes/3.4w0bE-m2.js} +3 -3
package/web/.svelte-kit/output/client/_app/immutable/nodes/4.CZvjhVHt.js +60 -0
package/web/.svelte-kit/output/client/_app/immutable/nodes/{5.BBGQ_i84.js → 5.DLbPVJY2.js} +1 -1
package/web/.svelte-kit/output/client/_app/version.json +1 -1
package/web/.svelte-kit/output/server/.vite/manifest.json +12 -10
package/web/.svelte-kit/output/server/chunks/Icon.js +1 -1
package/web/.svelte-kit/output/server/chunks/client.js +1 -1
package/web/.svelte-kit/output/server/chunks/exports.js +1 -1
package/web/.svelte-kit/output/server/chunks/index-server.js +2 -1
package/web/.svelte-kit/output/server/chunks/internal.js +1 -1
package/web/.svelte-kit/output/server/chunks/render-context.js +77 -0
package/web/.svelte-kit/output/server/chunks/root.js +739 -788
package/web/.svelte-kit/output/server/chunks/shared.js +234 -21
package/web/.svelte-kit/output/server/index.js +126 -90
package/web/.svelte-kit/output/server/manifest-full.js +1 -1
package/web/.svelte-kit/output/server/manifest.js +1 -1
package/web/.svelte-kit/output/server/nodes/0.js +1 -1
package/web/.svelte-kit/output/server/nodes/1.js +1 -1
package/web/.svelte-kit/output/server/nodes/2.js +1 -1
package/web/.svelte-kit/output/server/nodes/3.js +1 -1
package/web/.svelte-kit/output/server/nodes/4.js +1 -1
package/web/.svelte-kit/output/server/nodes/5.js +1 -1
package/web/.svelte-kit/output/server/remote-entry.js +245 -81
package/web/.svelte-kit/tsconfig.json +4 -1
package/dist/cli/propose-policy.mjs.map +0 -1
package/dist/lite-CBxOT1y5.mjs +0 -241
package/dist/lite-CBxOT1y5.mjs.map +0 -1
package/dist/routing-D8rTxtaV.mjs +0 -245
package/dist/routing-D8rTxtaV.mjs.map +0 -1
package/dist/web/_app/immutable/chunks/B6YN0Nuq.js +0 -1
package/dist/web/_app/immutable/chunks/BmRlVmv6.js +0 -1
package/dist/web/_app/immutable/chunks/CK9JZLaG.js +0 -2
package/dist/web/_app/immutable/chunks/Ck3rYNON.js +0 -1
package/dist/web/_app/immutable/chunks/DMtIqaiV.js +0 -2
package/dist/web/_app/immutable/chunks/DhD271EB.js +0 -1
package/dist/web/_app/immutable/chunks/DpuLqk8d.js +0 -1
package/dist/web/_app/immutable/chunks/DsIToJCP.js +0 -1
package/dist/web/_app/immutable/chunks/bBmtyQMj.js +0 -1
package/dist/web/_app/immutable/entry/app.CJmSwntr.js +0 -2
package/dist/web/_app/immutable/entry/start.ZpUrT2ak.js +0 -1
package/dist/web/_app/immutable/nodes/1.Bli0Hqzn.js +0 -1
package/dist/web/_app/immutable/nodes/4.oBhvQhcA.js +0 -60
package/dist/workspace-BJmJBfKi.mjs +0 -456
package/dist/workspace-BJmJBfKi.mjs.map +0 -1
package/src/cli/e2e/agents.test.ts +0 -140
package/src/cli/e2e/basic.test.ts +0 -43
package/src/cli/e2e/cron.test.ts +0 -132
package/src/cli/e2e/export-lite-func.test.ts +0 -206
package/src/cli/e2e/fallbacks.test.ts +0 -175
package/src/cli/e2e/init.test.ts +0 -77
package/src/cli/e2e/messages.test.ts +0 -332
package/src/cli/e2e/propose-policy.test.ts +0 -203
package/src/cli/e2e/requests.test.ts +0 -180
package/src/cli/e2e/session-timeout.test.ts +0 -192
package/src/cli/e2e/slash-new.test.ts +0 -93
package/src/cli/e2e/subagents.test.ts +0 -106
package/src/cli/e2e/utils.ts +0 -66
package/src/cli/propose-policy.ts +0 -91
package/web/.svelte-kit/output/client/_app/immutable/chunks/B6YN0Nuq.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/BmRlVmv6.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/CK9JZLaG.js +0 -2
package/web/.svelte-kit/output/client/_app/immutable/chunks/Ck3rYNON.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DMtIqaiV.js +0 -2
package/web/.svelte-kit/output/client/_app/immutable/chunks/DhD271EB.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DpuLqk8d.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/DsIToJCP.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/chunks/bBmtyQMj.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/entry/app.CJmSwntr.js +0 -2
package/web/.svelte-kit/output/client/_app/immutable/entry/start.ZpUrT2ak.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/nodes/1.Bli0Hqzn.js +0 -1
package/web/.svelte-kit/output/client/_app/immutable/nodes/4.oBhvQhcA.js +0 -60
package/web/.svelte-kit/output/server/chunks/false.js +0 -4
/package/dist/cli/{propose-policy.d.mts → manage-policies.d.mts} +0 -0
/package/{src/cli/e2e → e2e/_helpers}/global-setup.ts +0 -0

package/src/daemon/agent/turn-registry.test.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
+import {
+  registerTurn,
+  incrementSubagent,
+  decrementSubagent,
+  markParentExited,
+  _resetTurnRegistryForTests,
+  _getTurnStateForTests,
+} from './turn-registry.js';
+import { daemonEvents, DAEMON_EVENT_TURN_ENDED, type TurnEndedEvent } from '../events.js';
+describe('turn-registry', () => {
+  let ended: TurnEndedEvent[];
+  const capture = (e: TurnEndedEvent) => {
+    ended.push(e);
+  };
+  beforeEach(() => {
+    ended = [];
+    daemonEvents.on(DAEMON_EVENT_TURN_ENDED, capture);
+    _resetTurnRegistryForTests();
+  });
+  afterEach(() => {
+    daemonEvents.off(DAEMON_EVENT_TURN_ENDED, capture);
+    _resetTurnRegistryForTests();
+  });
+  it('fires turnEnded immediately when parent exits with no outstanding subagents', () => {
+    registerTurn('chat-1', 'turn-a');
+    markParentExited('turn-a', 'ok');
+    expect(ended).toEqual([{ chatId: 'chat-1', turnId: 'turn-a', outcome: 'ok' }]);
+    expect(_getTurnStateForTests('turn-a')).toBeUndefined();
+  });
+  it('defers turnEnded until outstanding subagents drain', () => {
+    registerTurn('chat-1', 'turn-a');
+    incrementSubagent('turn-a');
+    incrementSubagent('turn-a');
+    markParentExited('turn-a', 'ok');
+    expect(ended).toEqual([]);
+    decrementSubagent('turn-a');
+    expect(ended).toEqual([]);
+    decrementSubagent('turn-a');
+    expect(ended).toEqual([{ chatId: 'chat-1', turnId: 'turn-a', outcome: 'ok' }]);
+  });
+  it('preserves outcome=error when parent exited with an error', () => {
+    registerTurn('chat-1', 'turn-a');
+    incrementSubagent('turn-a');
+    markParentExited('turn-a', 'error');
+    decrementSubagent('turn-a');
+    expect(ended).toEqual([{ chatId: 'chat-1', turnId: 'turn-a', outcome: 'error' }]);
+  });
+  it('ignores decrements below zero and extra markParentExited calls', () => {
+    registerTurn('chat-1', 'turn-a');
+    decrementSubagent('turn-a'); // no-op
+    markParentExited('turn-a', 'ok');
+    markParentExited('turn-a', 'error'); // ignored
+    expect(ended).toEqual([{ chatId: 'chat-1', turnId: 'turn-a', outcome: 'ok' }]);
+  });
+  it('force-fires turnEnded with outcome=error when the timeout elapses', () => {
+    vi.useFakeTimers();
+    try {
+      registerTurn('chat-1', 'turn-a', 100);
+      incrementSubagent('turn-a');
+      markParentExited('turn-a', 'ok');
+      expect(ended).toEqual([]);
+      vi.advanceTimersByTime(150);
+      expect(ended).toEqual([{ chatId: 'chat-1', turnId: 'turn-a', outcome: 'error' }]);
+      // A later decrement after force-fire is a no-op (turn already removed).
+      decrementSubagent('turn-a');
+      expect(ended).toHaveLength(1);
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+  it('is a no-op for unknown turnIds and undefined turnIds', () => {
+    incrementSubagent(undefined);
+    decrementSubagent(undefined);
+    incrementSubagent('never-registered');
+    decrementSubagent('never-registered');
+    markParentExited('never-registered', 'ok');
+    expect(ended).toEqual([]);
+  });
+});

package/src/daemon/agent/turn-registry.ts ADDED Viewed

@@ -0,0 +1,94 @@
+import { emitTurnEnded } from '../events.js';
+interface TurnState {
+  chatId: string;
+  outstanding: number;
+  parentExited: boolean;
+  outcome: 'ok' | 'error';
+  timeoutHandle: NodeJS.Timeout;
+}
+const turns = new Map<string, TurnState>();
+/**
+ * Watchdog for turns whose subagent count never drains. Pathological cases
+ * (crashed subagent, bug leaving the counter > 0) would otherwise pin the
+ * turn's activity log open indefinitely. Default is a guess — instrument
+ * before tuning.
+ */
+export const DEFAULT_TURN_MAX_DURATION_MS = 30 * 60 * 1000;
+export function registerTurn(
+  chatId: string,
+  turnId: string,
+  maxDurationMs: number = DEFAULT_TURN_MAX_DURATION_MS
+): void {
+  if (turns.has(turnId)) return;
+  const state: TurnState = {
+    chatId,
+    outstanding: 0,
+    parentExited: false,
+    outcome: 'ok',
+    timeoutHandle: setTimeout(() => {
+      const s = turns.get(turnId);
+      if (!s) return;
+      console.warn(
+        `Turn ${turnId} force-ended after ${maxDurationMs}ms (outstanding=${s.outstanding}).`
+      );
+      turns.delete(turnId);
+      emitTurnEnded({ chatId: s.chatId, turnId, outcome: 'error' });
+    }, maxDurationMs),
+  };
+  state.timeoutHandle.unref();
+  turns.set(turnId, state);
+}
+export function incrementSubagent(turnId: string | undefined): void {
+  if (!turnId) return;
+  const state = turns.get(turnId);
+  if (!state) return;
+  state.outstanding++;
+}
+export function decrementSubagent(turnId: string | undefined): void {
+  if (!turnId) return;
+  const state = turns.get(turnId);
+  if (!state) return;
+  state.outstanding = Math.max(0, state.outstanding - 1);
+  maybeFinalize(turnId, state);
+}
+/**
+ * Called once, when the parent agent's initial `handleMessage` promise
+ * settles. Records the outcome; the turn actually ends (emits `turnEnded`)
+ * only once the outstanding subagent count also reaches zero.
+ */
+export function markParentExited(turnId: string, outcome: 'ok' | 'error'): void {
+  const state = turns.get(turnId);
+  if (!state) return;
+  if (state.parentExited) return;
+  state.parentExited = true;
+  state.outcome = outcome;
+  maybeFinalize(turnId, state);
+}
+function maybeFinalize(turnId: string, state: TurnState): void {
+  if (!state.parentExited) return;
+  if (state.outstanding > 0) return;
+  clearTimeout(state.timeoutHandle);
+  turns.delete(turnId);
+  emitTurnEnded({ chatId: state.chatId, turnId, outcome: state.outcome });
+}
+/** Test hook: drop all state without emitting events. */
+export function _resetTurnRegistryForTests(): void {
+  for (const state of turns.values()) {
+    clearTimeout(state.timeoutHandle);
+  }
+  turns.clear();
+}
+/** Test hook: inspect registry state. */
+export function _getTurnStateForTests(turnId: string): Readonly<TurnState> | undefined {
+  return turns.get(turnId);
+}

package/src/daemon/agent/types.ts CHANGED Viewed

@@ -30,6 +30,7 @@ export interface Logger {
     event: SystemMessage['event'];
     messageId?: string;
     displayRole?: 'user' | 'agent';
+    jobId?: string;
   }): Promise<SystemMessage>;
   logSubagentStatus(options: {
     subagentId: string;
@@ -56,6 +57,7 @@ export interface Message {
   id: string;
   content: string;
   env: Record<string, string>;
+  turnId?: string;
 }
 export interface ExecutionResponse {

package/src/daemon/api/agent-policy-endpoints.ts ADDED Viewed

@@ -0,0 +1,263 @@
+import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { randomUUID } from 'node:crypto';
+import { apiProcedure } from './trpc.js';
+import { getWorkspaceRoot, readPoliciesForPath, getClawminiDir } from '../../shared/workspace.js';
+import { pathIsInsideDir } from '../../shared/utils/fs.js';
+import { resolveAgentDir } from './router-utils.js';
+import { PolicyRequestService } from '../policy-request-service.js';
+import { RequestStore } from '../request-store.js';
+import {
+  executeSafe,
+  generateRequestPreview,
+  executeRequest,
+  resolveRequestCwd,
+  truncateLargeOutput,
+} from '../policy-utils.js';
+import { appendMessage, type PolicyRequestMessage } from '../chats.js';
+const MAX_POLICY_SCRIPT_BYTES = 1 * 1024 * 1024;
+// Above this, the script is copied into the agent's tmp/ instead of being
+// inlined in the response, so `requests show` does not flood the agent's
+// context with a long script body. Mirrors truncateLargeOutput in policy-utils.
+const MAX_INLINE_SCRIPT_LENGTH = 4000;
+export const listPolicies = apiProcedure.query(async ({ ctx }) => {
+  const workspaceRoot = getWorkspaceRoot();
+  const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
+  const config = await readPoliciesForPath(agentDir, workspaceRoot);
+  return { policies: config?.policies || {} };
+});
+// Returns the contents of a policy's script file. Restricted to scripts inside
+// `.clawmini/policy-scripts/` so an arbitrary `command` path (e.g. `/etc/passwd`
+// or a built-in node binary) cannot be exfiltrated through this endpoint.
+export const readPolicyScript = apiProcedure
+  .input(z.object({ commandName: z.string() }))
+  .query(async ({ input, ctx }) => {
+    const workspaceRoot = getWorkspaceRoot();
+    const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
+    const config = await readPoliciesForPath(agentDir, workspaceRoot);
+    const policy = config?.policies?.[input.commandName];
+    if (!policy) {
+      throw new TRPCError({
+        code: 'NOT_FOUND',
+        message: `Policy not found: ${input.commandName}`,
+      });
+    }
+    const scriptsDir = path.join(getClawminiDir(), 'policy-scripts');
+    const resolvedCommand = path.resolve(policy.command);
+    if (!pathIsInsideDir(resolvedCommand, scriptsDir, { allowSameDir: false })) {
+      throw new TRPCError({
+        code: 'BAD_REQUEST',
+        message: `Policy '${input.commandName}' does not point at a script in policy-scripts/.`,
+      });
+    }
+    // realpath resolves symlinks in both paths; without this, a symlink inside
+    // policy-scripts/ pointing at /etc/passwd would pass the string-prefix
+    // check above, then fs.stat/readFile would dereference and exfiltrate.
+    let realCommand: string;
+    let realScriptsDir: string;
+    try {
+      realCommand = await fs.realpath(resolvedCommand);
+    } catch (err) {
+      throw new TRPCError({
+        code: 'NOT_FOUND',
+        message: `Script file not found for policy '${input.commandName}': ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      });
+    }
+    try {
+      realScriptsDir = await fs.realpath(scriptsDir);
+    } catch {
+      throw new TRPCError({
+        code: 'BAD_REQUEST',
+        message: `Policy '${input.commandName}' does not point at a script in policy-scripts/.`,
+      });
+    }
+    if (!pathIsInsideDir(realCommand, realScriptsDir, { allowSameDir: false })) {
+      throw new TRPCError({
+        code: 'BAD_REQUEST',
+        message: `Policy '${input.commandName}' does not point at a script in policy-scripts/.`,
+      });
+    }
+    let stat;
+    try {
+      stat = await fs.stat(realCommand);
+    } catch (err) {
+      throw new TRPCError({
+        code: 'NOT_FOUND',
+        message: `Script file not found for policy '${input.commandName}': ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      });
+    }
+    if (!stat.isFile()) {
+      throw new TRPCError({
+        code: 'BAD_REQUEST',
+        message: `Script path for policy '${input.commandName}' is not a regular file.`,
+      });
+    }
+    if (stat.size > MAX_POLICY_SCRIPT_BYTES) {
+      throw new TRPCError({
+        code: 'BAD_REQUEST',
+        message: `Script file exceeds the ${MAX_POLICY_SCRIPT_BYTES}-byte limit.`,
+      });
+    }
+    if (stat.size > MAX_INLINE_SCRIPT_LENGTH) {
+      const tmpDir = path.join(agentDir, 'tmp');
+      await fs.mkdir(tmpDir, { recursive: true });
+      const ext = path.extname(realCommand);
+      const safeName = input.commandName.replace(/[^a-zA-Z0-9._-]/g, '_');
+      const destPath = path.join(tmpDir, `policy-script-${safeName}${ext}`);
+      await fs.copyFile(realCommand, destPath);
+      return {
+        path: realCommand,
+        size: stat.size,
+        spilledTo: `./tmp/policy-script-${safeName}${ext}`,
+      };
+    }
+    const content = await fs.readFile(realCommand, 'utf8');
+    return { path: realCommand, size: stat.size, content };
+  });
+export const executePolicyHelp = apiProcedure
+  .input(z.object({ commandName: z.string() }))
+  .query(async ({ input, ctx }) => {
+    const workspaceRoot = getWorkspaceRoot();
+    const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
+    const config = await readPoliciesForPath(agentDir, workspaceRoot);
+    const policy = config?.policies?.[input.commandName];
+    if (!policy) {
+      throw new TRPCError({
+        code: 'NOT_FOUND',
+        message: `Policy not found: ${input.commandName}`,
+      });
+    }
+    if (!policy.allowHelp) {
+      return { stdout: '', stderr: 'This command does not support --help\n', exitCode: 1 };
+    }
+    const fullArgs = [...(policy.args || []), '--help'];
+    const { stdout, stderr, exitCode } = await executeSafe(policy.command, fullArgs, {
+      cwd: getWorkspaceRoot(),
+    });
+    return { stdout, stderr, exitCode };
+  });
+export const createPolicyRequest = apiProcedure
+  .input(
+    z.object({
+      commandName: z.string(),
+      args: z.array(z.string()),
+      fileMappings: z.record(z.string(), z.string()),
+      // Path traversal is guarded by assertPathInsideDir in resolveRequestCwd
+      // (policy-utils.ts), which realpath-resolves the cwd before comparing —
+      // so it covers encoded separators, symlinks, etc.
+      cwd: z.string().optional(),
+    })
+  )
+  .mutation(async ({ input, ctx }) => {
+    if (!ctx.tokenPayload) throw new TRPCError({ code: 'UNAUTHORIZED', message: 'Missing token' });
+    const workspaceRoot = getWorkspaceRoot(process.cwd());
+    const snapshotDir = path.join(getClawminiDir(process.cwd()), 'tmp', 'snapshots');
+    const store = new RequestStore(process.cwd());
+    const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
+    const service = new PolicyRequestService(store, agentDir, snapshotDir);
+    const chatId = ctx.tokenPayload.chatId;
+    const agentId = ctx.tokenPayload.agentId;
+    const config = await readPoliciesForPath(agentDir, workspaceRoot);
+    const policy = config?.policies?.[input.commandName];
+    if (!policy) {
+      throw new TRPCError({
+        code: 'NOT_FOUND',
+        message: `Policy not found: ${input.commandName}`,
+      });
+    }
+    const isAutoApprove = !!policy.autoApprove;
+    const request = await service.createRequest(
+      input.commandName,
+      input.args,
+      input.fileMappings,
+      chatId,
+      agentId,
+      isAutoApprove,
+      ctx.tokenPayload.subagentId,
+      input.cwd
+    );
+    if (isAutoApprove) {
+      const hostCwd = await resolveRequestCwd(request.cwd, agentId, workspaceRoot);
+      const result = await executeRequest(request, policy, hostCwd);
+      const { exitCode, commandStr } = result;
+      const { stdout, stderr } = await truncateLargeOutput(
+        result.stdout,
+        result.stderr,
+        request.id,
+        agentId
+      );
+      request.executionResult = { stdout, stderr, exitCode };
+      const logMsg: PolicyRequestMessage = {
+        id: randomUUID(),
+        // TODO: we should store the message ID in the CLAW_API_TOKEN, and extract it here
+        messageId: randomUUID(),
+        role: 'policy',
+        requestId: request.id,
+        commandName: input.commandName,
+        args: input.args,
+        status: 'approved',
+        content: `[Auto-approved] Policy ${input.commandName} was executed.\n\nCommand: ${commandStr}\nExit Code: ${exitCode}\n\nStdout:\n${stdout}\n\nStderr:\n${stderr}`,
+        timestamp: new Date().toISOString(),
+        sessionId: ctx.tokenPayload.sessionId,
+        ...(ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}),
+        ...(ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}),
+      };
+      await appendMessage(chatId, logMsg);
+      return request;
+    }
+    const previewContent = await generateRequestPreview(request);
+    const logMsg: PolicyRequestMessage = {
+      id: randomUUID(),
+      // TODO: we should store the message ID in the CLAW_API_TOKEN, and extract it here
+      messageId: randomUUID(),
+      role: 'policy',
+      requestId: request.id,
+      commandName: input.commandName,
+      args: input.args,
+      status: 'pending',
+      content: previewContent,
+      timestamp: new Date().toISOString(),
+      displayRole: 'agent',
+      sessionId: ctx.tokenPayload.sessionId,
+      ...(ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}),
+    };
+    await appendMessage(chatId, logMsg);
+    return request;
+  });

package/src/daemon/api/agent-router.ts CHANGED Viewed

@@ -1,19 +1,14 @@
 import { z } from 'zod';
 import { randomUUID } from 'node:crypto';
-import path from 'node:path';
 import { TRPCError } from '@trpc/server';
 import {
   appendMessage,
   type CommandLogMessage,
   type AgentReplyMessage,
   type ToolMessage,
-  type PolicyRequestMessage,
 } from '../chats.js';
-import { executeSafe, generateRequestPreview, executeRequest } from '../policy-utils.js';
-import { getWorkspaceRoot, readPolicies, getClawminiDir } from '../../shared/workspace.js';
-import { PolicyRequestService } from '../policy-request-service.js';
-import { RequestStore } from '../request-store.js';
-import { CronJobSchema } from '../../shared/config.js';
+import { getWorkspaceRoot } from '../../shared/workspace.js';
+import type { CronJob } from '../../shared/config.js';
 import { apiProcedure, router } from './trpc.js';
 import { taskScheduler } from '../agent/task-scheduler.js';
 import { formatPendingMessages } from '../agent/utils.js';
@@ -62,7 +57,9 @@ export const logMessage = apiProcedure
       command: `clawmini-lite log${filesArgStr}`,
       cwd: process.cwd(),
       exitCode: 0,
+      sessionId: ctx.tokenPayload.sessionId,
       ...(ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}),
+      ...(ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}),
       ...(filePaths.length > 0 ? { files: filePaths } : {}),
     };
@@ -99,7 +96,9 @@ export const logReplyMessage = apiProcedure
       role: 'agent',
       content: input.message,
       timestamp,
+      sessionId: ctx.tokenPayload.sessionId,
       ...(ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}),
+      ...(ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}),
       ...(filePaths.length > 0 ? { files: filePaths } : {}),
     };
@@ -141,7 +140,9 @@ export const logToolMessage = apiProcedure
       payload: payloadObj,
       content: contentStr,
       timestamp,
+      sessionId: ctx.tokenPayload.sessionId,
       ...(ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}),
+      ...(ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}),
     };
     await appendMessage(chatId, logMsg);
@@ -154,12 +155,42 @@ export const agentListCronJobs = apiProcedure.query(async ({ ctx }) => {
   return listCronJobsShared(chatId);
 });
+// Agents may only set a restricted subset of CronJob fields. The remaining
+// fields (agentId, createdAt, env, nextSessionId, action, jobs) are reserved
+// for internal use and filled in by the server.
+export const AgentCronJobInputSchema = z.strictObject({
+  id: z.string().min(1),
+  message: z.string().default(''),
+  reply: z.string().optional(),
+  session: z
+    .union([
+      z.strictObject({ type: z.literal('new') }),
+      z.strictObject({ type: z.literal('existing'), id: z.string() }),
+    ])
+    .optional(),
+  schedule: z.union([
+    z.strictObject({ cron: z.string() }),
+    z.strictObject({ every: z.string() }),
+    z.strictObject({ at: z.string() }),
+  ]),
+});
+export type AgentCronJobInput = z.infer<typeof AgentCronJobInputSchema>;
 export const agentAddCronJob = apiProcedure
-  .input(z.object({ job: CronJobSchema }))
+  .input(z.object({ job: AgentCronJobInputSchema }))
   .mutation(async ({ input, ctx }) => {
     if (!ctx.tokenPayload) throw new TRPCError({ code: 'UNAUTHORIZED', message: 'Missing token' });
     const chatId = ctx.tokenPayload.chatId;
-    const job = { ...input.job, agentId: ctx.tokenPayload.agentId };
+    const job: CronJob = {
+      id: input.job.id,
+      message: input.job.message,
+      schedule: input.job.schedule,
+      createdAt: new Date().toISOString(),
+      agentId: ctx.tokenPayload.agentId,
+      ...(input.job.reply !== undefined ? { reply: input.job.reply } : {}),
+      ...(input.job.session !== undefined ? { session: input.job.session } : {}),
+    };
     return addCronJobShared(chatId, job);
   });
@@ -171,123 +202,12 @@ export const agentDeleteCronJob = apiProcedure
     return deleteCronJobShared(chatId, input.id);
   });
-export const listPolicies = apiProcedure.query(async () => {
-  return await readPolicies();
-});
-export const executePolicyHelp = apiProcedure
-  .input(z.object({ commandName: z.string() }))
-  .query(async ({ input }) => {
-    const config = await readPolicies();
-    const policy = config?.policies?.[input.commandName];
-    if (!policy) {
-      throw new TRPCError({
-        code: 'NOT_FOUND',
-        message: `Policy not found: ${input.commandName}`,
-      });
-    }
-    if (!policy.allowHelp) {
-      return { stdout: '', stderr: 'This command does not support --help\n', exitCode: 1 };
-    }
-    const fullArgs = [...(policy.args || []), '--help'];
-    const { stdout, stderr, exitCode } = await executeSafe(policy.command, fullArgs, {
-      cwd: getWorkspaceRoot(),
-    });
-    return { stdout, stderr, exitCode };
-  });
-export const createPolicyRequest = apiProcedure
-  .input(
-    z.object({
-      commandName: z.string(),
-      args: z.array(z.string()),
-      fileMappings: z.record(z.string(), z.string()),
-    })
-  )
-  .mutation(async ({ input, ctx }) => {
-    if (!ctx.tokenPayload) throw new TRPCError({ code: 'UNAUTHORIZED', message: 'Missing token' });
-    const workspaceRoot = getWorkspaceRoot(process.cwd());
-    const snapshotDir = path.join(getClawminiDir(process.cwd()), 'tmp', 'snapshots');
-    const store = new RequestStore(process.cwd());
-    const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
-    const service = new PolicyRequestService(store, agentDir, snapshotDir);
-    const chatId = ctx.tokenPayload.chatId;
-    const agentId = ctx.tokenPayload.agentId;
-    const config = await readPolicies();
-    const policy = config?.policies?.[input.commandName];
-    if (!policy) {
-      throw new TRPCError({
-        code: 'NOT_FOUND',
-        message: `Policy not found: ${input.commandName}`,
-      });
-    }
-    const isAutoApprove = !!policy.autoApprove;
-    const request = await service.createRequest(
-      input.commandName,
-      input.args,
-      input.fileMappings,
-      chatId,
-      agentId,
-      isAutoApprove,
-      ctx.tokenPayload.subagentId
-    );
-    if (isAutoApprove) {
-      const { stdout, stderr, exitCode, commandStr } = await executeRequest(
-        request,
-        policy,
-        getWorkspaceRoot()
-      );
-      request.executionResult = { stdout, stderr, exitCode };
-      await store.save(request);
-      const logMsg: PolicyRequestMessage = {
-        id: randomUUID(),
-        // TODO: we should store the message ID in the CLAW_API_TOKEN, and extract it here
-        messageId: randomUUID(),
-        role: 'policy',
-        requestId: request.id,
-        commandName: input.commandName,
-        args: input.args,
-        status: 'approved',
-        content: `[Auto-approved] Policy ${input.commandName} was executed.\n\nCommand: ${commandStr}\nExit Code: ${exitCode}\n\nStdout:\n${stdout}\n\nStderr:\n${stderr}`,
-        timestamp: new Date().toISOString(),
-        ...(ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}),
-      };
-      await appendMessage(chatId, logMsg);
-      return request;
-    }
-    const previewContent = await generateRequestPreview(request);
-    const logMsg: PolicyRequestMessage = {
-      id: randomUUID(),
-      // TODO: we should store the message ID in the CLAW_API_TOKEN, and extract it here
-      messageId: randomUUID(),
-      role: 'policy',
-      requestId: request.id,
-      commandName: input.commandName,
-      args: input.args,
-      status: 'pending',
-      content: previewContent,
-      timestamp: new Date().toISOString(),
-      displayRole: 'agent',
-    };
-    await appendMessage(chatId, logMsg);
-    return request;
-  });
+import {
+  listPolicies,
+  executePolicyHelp,
+  createPolicyRequest,
+  readPolicyScript,
+} from './agent-policy-endpoints.js';
 import { ping } from './user-router.js';
@@ -325,6 +245,7 @@ export const agentRouter = router({
   listPolicies,
   executePolicyHelp,
   createPolicyRequest,
+  readPolicyScript,
   fetchPendingMessages,
   ping,
   subagentSpawn,